漏洞信息详情

Microsoft Windows Internet打印服务整数溢出漏洞

漏洞简介

Microsoft Windows是美国微软(Microsoft)公司发布的一系列操作系统。

IIS的Internet打印协议ISAPI扩展在处理特制的IPP响应时存在整数溢出漏洞。如果Windows系统上在运行IIS且启用了Internet打印服务的话,远程攻击者可以通过特制的HTTP POST请求诱骗受影响的服务器连接到恶意的IPP服务器来触发这个溢出,导致执行任意指令。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

Microsoft Windows Server 2003 Datacenter Edition SP1

Microsoft Security Update for Windows Server 2003 (KB953155)

http://www.microsoft.com/downloads/details.aspx?familyid=437a9b68-6a0c -48c8-9348-0d6fda48aa21

Microsoft Windows XP Media Center Edition SP2

Microsoft Security Update fo Windows XP (KB953155)

http://www.microsoft.com/downloads/details.aspx?familyid=e7ef571f-c9e8 -4e14-95a3-3eeaec55b784

Microsoft Windows Server 2003 Itanium SP1

Microsoft Security Update for Windows Server 2003 for Itanium-based Systems (KB953155)

http://www.microsoft.com/downloads/details.aspx?familyid=748f54f1-40b9 -407c-9819-909061b53743&displaylang=en

Microsoft Windows Server 2003 Datacenter x64 Edition SP2

Microsoft Security Update for Windows Server 2003 x64 Edition (KB953155)

http://www.microsoft.com/downloads/details.aspx?familyid=d3df6508-a568 -449d-ac97-fbf3f97b98ef&displaylang=en

Microsoft Windows Vista Home Basic SP1

Microsoft Security Update for Windows Vista (KB953155)

http://www.microsoft.com/downloads/details.aspx?FamilyId=9B5995DF-A3B8 -4E81-B118-9BB057E19884

Microsoft Windows XP Tablet PC Edition SP2

Microsoft Security Update fo Windows XP (KB953155)

http://www.microsoft.com/downloads/details.aspx?familyid=e7ef571f-c9e8 -4e14-95a3-3eeaec55b784

Microsoft Windows Vista Home Premium 64-bit edition SP1

Microsoft Security Update for Windows Vista for x64-based Systems (KB953155)

http://www.microsoft.com/downloads/details.aspx?FamilyId=4A0FCF4B-EB8E -456A-B934-400AE18248EE&displaylang=en

Microsoft Windows XP Media Center Edition SP3

Microsoft Security Update fo Windows XP (KB953155)

http://www.microsoft.com/downloads/details.aspx?familyid=e7ef571f-c9e8 -4e14-95a3-3eeaec55b784

Microsoft Windows Server 2003 Web Edition SP2

Microsoft Security Update for Windows Server 2003 (KB953155)

http://www.microsoft.com/downloads/details.aspx?familyid=437a9b68-6a0c -48c8-9348-0d6fda48aa21

Microsoft Windows Server 2003 Standard Edition SP1

Microsoft Security Update for Windows Server 2003 (KB953155)

http://www.microsoft.com/downloads/details.aspx?familyid=437a9b68-6a0c -48c8-9348-0d6fda48aa21

Microsoft Windows XP Professional x64 Edition SP2

Microsoft Security Update for Windows XP x64 Edition (KB953155)

http://www.microsoft.com/downloads/details.aspx?familyid=3ae4b913-bff0 -4974-b198-828ca10d2a87

Microsoft Windows Vista Ultimate 64-bit edition SP1

Microsoft Security Update for Windows Vista for x64-based Systems (KB953155)

http://www.microsoft.com/downloads/details.aspx?FamilyId=4A0FCF4B-EB8E -456A-B934-400AE18248EE&displaylang=en

Microsoft Windows Vista x64 Edition SP1

Microsoft Security Update for Windows Vista for x64-based Systems (KB953155)

http://www.microsoft.com/downloads/details.aspx?FamilyId=4A0FCF4B-EB8E -456A-B934-400AE18248EE&displaylang=en

Microsoft Windows Vista Ultimate SP1

Microsoft Security Update for Windows Vista (KB953155)

http://www.microsoft.com/downloads/details.aspx?FamilyId=9B5995DF-A3B8 -4E81-B118-9BB057E19884

Microsoft Windows Server 2003 Enterprise x64 Edition

Microsoft Security Update for Windows Server 2003 x64 Edition (KB953155)

http://www.microsoft.com/downloads/details.aspx?familyid=d3df6508-a568 -449d-ac97-fbf3f97b98ef&displaylang=en

Microsoft Windows XP Tablet PC Edition SP3

Microsoft Security Update fo Windows XP (KB953155)

http://www.microsoft.com/downloads/details.aspx?familyid=e7ef571f-c9e8 -4e14-95a3-3eeaec55b784

Microsoft Windows Server 2003 Datacenter x64 Edition

Microsoft Security Update for Windows Server 2003 x64 Edition (KB953155)

http://www.microsoft.com/downloads/details.aspx?familyid=d3df6508-a568 -449d-ac97-fbf3f97b98ef&displaylang=en

Microsoft Windows Server 2008 for x64-based Systems 0

Microsoft Security Update for Windows Server 2008 x64 Edition (KB953155)

http://www.microsoft.com/downloads/details.aspx?familyid=a33c833c-d5c5 -4e37-8f89-7b9079f92e59&displaylang=en

Microsoft Windows 2000 Advanced Server SP4

Microsoft Security Update for Windows 2000 (KB953155)

http://www.microsoft.com/downloads/details.aspx

参考网址

来源:XF

链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/45545

来源:CERT

链接:http://www.us-cert.gov/cas/techalerts/TA08-288A.html

来源:OVAL

链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5764

来源:HP

链接:http://marc.info/?l=bugtraq&m=122479227205998&w=2

来源:MS

链接:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-062

来源:VUPEN

链接:http://www.vupen.com/english/advisories/2008/2813

来源:BID

链接:http://www.securityfocus.com/bid/31682

来源:SECUNIA

链接:http://secunia.com/advisories/32248

来源:SECTRACK

链接:http://www.securitytracker.com/id?1021048

来源:BID

链接:https://www.securityfocus.com/bid/31682

来源:XF

链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/45548

来源:CERT-VN

链接:http://www.kb.cert.org/vuls/id/793233

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多